More than 200 million known malware samples

McAfee Labs has released their June 2014 Threat report and for the first time in history the McAfee “zoo” has grown beyond 200 million samples of known malware. Unfortunately it doesn’t stop there. We see a continued rise of malware, with 236 new samples detected every minute, or close to 4 every second – representing an annual growth of 49% since 2011.

The key findings from our June 2014 reports are as follows:

Flappy Bird, a game released in 2013 by Vietnam-based developer Nguyen Ha Dong, was the most downloaded free game on the iOS App Store at the end of January 2014. In February, Nguyen took down the game due to concerns over its addictive nature. Since then, numerous clones have appeared on various app stores. McAfee sampled 300 of those clones and found that 79% of them contained malware. Some of the malicious behaviors observed include making calls, sending premium SMS, installing additional apps, tracking geo-locations and allowing root access to the device. Many hope that Nguyen will release a new version of the app which is less addictive by forcing players to take breaks. Unfortunately that won’t stop the clones transmitting malware entirely.

The other snake oil salesmen in the threat landscape are actually bad guys selling their wares to other bad guys. In a very good marketing campaign, the bad guys have convinced the other bad guys that they can make a fortune, in the form of Bitcoins, by adding a “currency-mining feature” to their botnets. And they’re selling them bot tools to do exactly that. The only problem is that our research has shown that it’s actually not viable due to the shortcomings of the hardware. On the positive side for users, the additional activity generated by botnets using the mining feature actually makes them more detectable!

Rootkits are those nasty little things that install themselves in front of the operating system and infect a system without most anti-virus software being aware of their existence. They do this by inserting themselves into drivers and other software which is loaded when the kernel boots up. With the move to more secure 64-bit systems and digital certificates there had been a decline in the rootkit tally since 2008. But now we’re seeing a resurgence, as hackers have cracked the more secure 64-bit systems and are frequently using stolen digital certificates to make their malware look legitimate. However, all is not lost, as McAfee offers a Deep Defender product which, when deployed on Intel Xeon processors with vPro, detects those rootkits during boot-up time.

This quarter has proven no different from the quarters before, with an increase of 22% in mobile malware samples. In most cases, the malware is designed to steal sensitive information or send premium SMS messages. Not only is mobile malware taking advantage of standard platform features to do its sneaky stuff, it’s now becoming localized too. The A Android malware takes the permission granted by the user to access the device and downloads additional software via the pay-to-download feature, which opens the floodgates to download significant amounts of other malware. And to make matters worse, the developers have even localized the malware into Japanese – ensuring it targets even more unsuspecting users.
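The behaviours the report attributes to the Flappy Bird clones and to the localized Android malware above (calls, premium SMS, installing additional apps, location tracking) each require the app to declare a permission in its manifest, which makes a manifest review a cheap first triage step. The script below is an added example, not McAfee's tooling or code from the report; the mapping of behaviours to permissions, the scoring weights and the two sample manifests are my own assumptions, and the permission names are the real Android ones.

```python
"""Triage an AndroidManifest.xml for the permission families behind the
behaviours the report describes: calls, premium SMS, app install, location.
Added example; behaviour-to-permission mapping and scoring are assumptions."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Assumed mapping: which declared permission enables which reported behaviour.
RISKY = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.SEND_SMS": "send (premium) SMS",
    "android.permission.RECEIVE_SMS": "intercept SMS, e.g. to hide premium-SMS replies",
    "android.permission.ACCESS_FINE_LOCATION": "track geo-location",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install additional apps",
    "android.permission.INSTALL_PACKAGES": "install additional apps (system-only)",
}


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return the sorted list of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return sorted(
        el.get(NAME_ATTR)
        for el in root.findall("uses-permission")
        if el.get(NAME_ATTR)
    )


def triage(manifest_xml: str) -> dict:
    """Flag risky permissions and compute a simple (assumed) risk score.

    One point per risky permission; SEND_SMS together with RECEIVE_SMS gets
    two extra points because that pair is the classic premium-SMS pattern
    (send the message, then swallow the operator's confirmation)."""
    perms = requested_permissions(manifest_xml)
    flagged = {p: RISKY[p] for p in perms if p in RISKY}
    score = len(flagged)
    if ("android.permission.SEND_SMS" in flagged
            and "android.permission.RECEIVE_SMS" in flagged):
        score += 2
    return {"permissions": perms, "flagged": flagged, "score": score}


# Constructed sample manifests (not taken from any real app).
GAME_CLONE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flappyclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>"""

BENIGN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.simplegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("clone", GAME_CLONE), ("benign", BENIGN_GAME)):
        result = triage(manifest)
        print(f"{label}: score={result['score']}")
        for perm, why in result["flagged"].items():
            print(f"  {perm}: {why}")
```

A game that declares any of the flagged permissions has no gameplay reason to do so, which is why a plain permission diff against what the genuine app requests is a reasonable first filter before deeper analysis; the score is only a prioritisation aid, not a verdict.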

Want to learn more? Download the McAfee Labs 2014 June Threat Report and find out what you need to do to stay a step ahead.

The post More than 200 million known malware samples appeared first on McAfee.

Android attack improves timing, allows data theft

A malicious application could enable the theft of login credentials, sensitive images, and other data from Android smartphones by making use of a newly discovered information-leakage weakness in the operating system, according to a team of researchers from the University of Michigan and the University of California at Riverside.

The attack, known as a user interface (UI) inference attack, makes use of the design of programming frameworks that share memory, allowing one application to gather information about the state of other applications. The information can be gathered without any special Android permissions and without grabbing screen pixels, according to a paper presented at the USENIX Security Conference on Friday.

The technique gives attackers the ability to infer the state of a targeted application, enabling more convincing attacks. If malware knows that the targeted user has just clicked on a "login" button, then it can throw up a dialog box asking for a username and password. If the malware can infer that a user is about to take a picture of a check or sensitive document, it can quickly take a second picture.
